Latest Stories

Help for Solving CPAs' Ethical Dilemmas

Company controller Plony, CPA, prepared his employer’s 2007
financial statements knowing that they misstated revenues. The
company’s CEO, who could fire Plony at will, “strongly urged” Plony to
record sales at full invoice prices despite customers’ rights to
return merchandise long after a normal return period. Plony’s
brother-in-law, a company in-house lawyer, wrote the sales contracts
and assured Plony that recording the full sales amounts was
appropriate. After investigating the misstatement, the Illinois
Department of Financial and Professional Regulation revoked Plony’s
CPA certificate for “negligence in the preparation of financial
statements” and “subordination of judgment” even though he was not in
public practice.

In another ethics violation case, the California Board of
Accountancy disciplined Hy Falutin & Co., CPAs, (the firm’s name
and other facts have been modified) when it audited a bank’s financial
statements while the firm’s consulting group concurrently sold the
client’s debt consolidation services. The Board of Accountancy imposed
a three-year CPA license probation plus frequent and costly peer reviews.

While the first example is a fictitious case intended to illustrate
threats in the workplace, the second example is based on an actual
situation that resulted in disciplinary action by the SEC and
California Board of Accountancy. Attention to the AICPA’s Guide for
Complying with Rules 102–505 could have helped these CPAs solve
their ethical dilemmas and avoid violations of the AICPA Code of
Professional Conduct. Using these two general examples, this
article explains the guide’s “threats and safeguards” approach to
achieving compliance with the AICPA Code of Professional Conduct
and applies that approach to the above ethical dilemmas.

DefinitionsAcceptable level. A level where a reasonable and informed
third party would likely conclude, weighing all specific facts and
circumstances, that compliance with the rules is not compromised.

Threat. The risk that relationships or circumstances
could compromise a member’s compliance with the rules.

Safeguards. Actions or other measures to eliminate
threats or reduce them to acceptable levels.

OVERVIEWThe AICPA’s bylaws require all members (those providing
services as employees, owners, volunteers or consultants; those in
public practice, business, academia or government) to comply with the
ethical requirements of the AICPA’s Code of Professional
Conduct. The code’s Rules of Conduct govern members’
performance of professional services, and its interpretations and
rulings provide authoritative guidance to apply those rules to
specific situations.

Since the code’s rules, interpretations and rulings cannot address
every possible ethically challenging relationship or circumstance, the
AICPA issued on Nov. 10 A Guide for Complying with Rules 102–505
to help CPAs solve ethical dilemmas not explicitly addressed in
the code. The guide’s use is not mandatory, and while it helps CPAs
comply with the code in unusual ethical relationships or
circumstances, the guide can never justify noncompliance with the code.

Rules of Conduct Covered by the Guide
The AICPA Code of Professional Conduct
includes 11 rules (AICPA, Professional Standards
, vol. 2, ET sections 100 to 500):

Rule 101, Independence

Rule 102, Integrity and Objectivity

Rule 201, General Standards

Rule 202, Compliance With Standards

Rule 203, Accounting Principles

Rule 301, Confidential Client Information

Rule 302, Contingent Fees

Rule 501, Acts Discreditable

Rule 502, Advertising and Other Forms of Solicitation

Rule 503, Commissions and Referral Fees

Rule 505, Form of Organization and Name

THREATS AND SAFEGUARDS APPROACHThe guide’s “threats and safeguards” approach can help members
comply with the rules in situations not explicitly addressed in the
code—an approach that the AICPA’s Professional Ethics Executive
Committee also uses when developing the code’s interpretations and rulings.

The threats and safeguards approach identifies threats to compliance
with the rules and evaluates the significance of those threats. If a
threat is not at an “acceptable level” (see box, “Definitions”),
members should determine whether safeguards can eliminate or reduce
the threat to an acceptable level and, if so, apply such safeguards
or, if not, avoid the situation that creates the threat. Members
should evaluate in-the-aggregate a situation with multiple threats
since the cumulative effect could be at an unacceptable level.

Identifying threats. Members often face risks of
encountering relationships or circumstances that could compromise
compliance with the rules (in other words, “threats”) in their duties
or work environments.

The guide provides six threat categories to help members identify
and develop sensitivity to potential threats:

Self-review threat. The threat that a member will not
appropriately evaluate the results of prior services performed by
the member himself or herself, or by an individual in the member’s
firm or employing organization.

Advocacy threat. The threat that a member will promote a
client or employer’s position to the point that his or her
objectivity is compromised.

Adverse interest threat. The threat that a member will not be
objective because his or her interests are in opposition to those of
a client or employer.

Familiarity threat. The threat that because of a long or
close relationship with a client or employer, a member will become
too sympathetic to their interests or too accepting of their work.

Undue influence threat. The threat that a member
will subordinate his or her judgment to that of an individual
associated with a client, employer or other relevant third party
because of the individual’s (1) reputation or expertise, (2)
aggressive or dominant personality, or (3) attempts to coerce or
exercise excessive influence over the member.

Self-interest threat. The threat that a member will act in a
manner that is adverse to the interests of his or her firm,
employer, client or the public, as a result of the member or his or
her close family member’s financial interest in or other
relationship with a client or the employer.

Evaluating the significance of a threat. The existence of
a threat does not necessarily mean noncompliance with the rules;
rather, members should evaluate a threat’s significance by considering
whether a reasonable and informed third party, weighing all
quantitative and qualitative facts and circumstances, would likely
conclude that the threat would compromise the member’s compliance with
the rules. If this evaluation finds that the threat would not
compromise a member’s compliance, the threat is at an acceptable
level, requiring no further evaluation under the guide. If the
evaluation finds the threat at an unacceptable level, the member
should identify and apply appropriate safeguards.

Identifying and applying safeguards. Required or
prohibited actions and internal control measures can serve as
safeguards to eliminate or reduce threats to acceptable levels. The
profession, legislation and public regulations create some safeguards
for all members. Employers implement other safeguards in the specific
work environment. Members in public practice also may consider their
client’s safeguards when evaluating the significance of a threat.

Below are examples of safeguards and associated threats they might reduce:

Determining which safeguard to apply requires judgment, since a
safeguard’s effectiveness can vary from one environment to another.
Members should analyze a particular situation’s facts and
circumstances, identify significant threats and then design
safeguards, considering:

The safeguard’s objective.

Parties who will be subject to the safeguard.

How the safeguard will be applied (for example, uniformly,
consistently, objectively).

Who will apply the safeguard (for example, a third party, a
supervisor, a computer).

A threat is reduced to an acceptable level if, after applying
safeguards, a reasonable and informed third party would likely
conclude that compliance with the rules is not compromised.

What if there are no effective safeguards? A threat may
be so significant that no safeguard can eliminate or reduce it to an
acceptable level. If so, providing the specific professional or
employee service will likely cause noncompliance with the rules. While
declining or discontinuing the service would prevent a rules
violation, the member should also consider the stronger response of
resigning from the client or employment position.

Seek AdviceBefore pursuing a course of action to resolve ethical
dilemmas, a member may want to consult with legal counsel, applicable
professional bodies, and appropriate firm or employer personnel. The
AICPA provides an ethics hotline to assist members in this and other
ethics issues. Inquiries can be made by phone, 888-777-7077 (menu
option 5, followed by menu option 2), or via e-mail at ethics@aicpa.org. Members may be
well-advised to document the ethical conflict’s substance, details of
discussions and suggested decisions.

ETHICAL CONFLICTS UNRELATED TO THREATSMembers may confront ethical conflicts due to internal or
external work-environment pressures or conflicts within professional
standards unrelated to threats described above. For example, a member
may encounter a fraud and feel ethically bound to report it; but
reporting the fraud could breach Rule 301’s mandate to maintain client
confidentiality. To resolve such ethical conflicts and comply with the
rules, the guide recommends that members:

a. Recognize and consider all relevant facts and circumstances,
including applicable rules, laws or regulations,

b. Consider the ethical issues involved,

c. Consider established internal procedures, and then

d. Formulate alternative courses of action.

After weighing the consequences of each course of action, the member
should select the course that best enables compliance with the rules.

Before pursuing the selected course of action, the member may want
to consult with legal counsel, applicable professional bodies (see
sidebar, “Seek Advice”) and appropriate firm or employer personnel. If
the conflict remains unresolved after pursuing the selected course of
action, the member should consider further consultation with those
advisers to review the process and reach a different resolution.
Members may be well-advised to document the ethical conflict’s
substance, details of discussions and suggested decisions.

What if there is no effective resolution? If, after
exhausting all reasonable possibilities, the ethical conflict remains
unresolved, members will probably not be in compliance with the rules
if they remain associated with the matter creating the conflict. In
this case, members should consider withdrawing from the engagement
team or specific assignment, and perhaps consider the stronger
response of resigning from the client or employment position.

APPLYING THE GUIDE TO TWO ETHICS VIOLATION CASESCPA Plony, whose boss urged him to record transactions contrary
to GAAP and whose brother-in-law analyzed GAAP for him, should have
referred to Interpretation 102-4 (ET section 102.05) that prescribes
potentially confrontational actions when a member’s interpretation of
GAAP differs from those of his or her supervisors.

However, with the guide’s “threats and safeguards” approach, the
unwelcomed need to invoke Interpretation 102-4 might have been
avoided, as in this scenario: Plony recognized the CEO’s authority to
fire him at-will as an “undue influence threat” and his
brother-in-law’s legal counsel as a “familiarity threat.” Plony wrote
a memo to his files discussing both threats and his belief that a
reasonable and informed third party, weighing all the facts and
circumstances, would likely conclude that the threats—separately and
in the aggregate—compromise his compliance with rules 102, 201 and 202.

He considered actions or policies that might reduce the two threats
to acceptable levels and wrote to the company’s audit committee
suggesting safeguards to protect his objectivity: (1) an officer’s
employment termination should require a due process hearing before an
independent arbitrator, allowing the officer to respond to
allegations; and (2) staff preparing financial statements cannot be
related to staff generating transactions or related documents. The
audit committee adopted the due process personnel policy and assigned
Plony’s brother-in-law to other legal matters. Plony properly deferred
revenue recognition on the dubious sales in accordance with the
provisions of FASB Statement no. 48.

The guide also could have helped Hy Falutin & Co., as in this
revised sequence of events: Two audit team members familiar with the
AICPA’s threats and safeguards approach knew that the firm’s
consulting group was negotiating a client-firm joint marketing venture
and wrote memos identifying a “self-review threat,” “advocacy threat,”
“self-interest threat” and independence issues. Their memo labeled the
threats “severe and urgent.” The lead partner found that no safeguards
could adequately reduce the threats to acceptable levels, and the firm
immediately withdrew from the nonaudit activities.

CONCLUSIONAll AICPA members must comply with rules 102–505 of the AICPA’s
Code of Professional Conduct. The recently issued AICPA
Guide for Complying with Rules 102–505 provides a prudent,
though not required, “threats and safeguards” approach to help members
solve ethical dilemmas in situations not explicitl addressed in the
code’s rules, interpretations or rulings. The guide defines six
categories of threats to complying with the rules and analyzes
strategies for identifying and applying safeguards to eliminate or
reduce threats to acceptable levels. The guide also discusses “ethical
conflict resolution” for situations where members encounter obstacles
to following appropriate courses of action.

When no safeguard can reduce a significant threat to an acceptable
level or when an ethical conflict remains unresolved, members will
probably not comply with the rules, requiring them to consider
declining or discontinuing the service, withdrawing from the
engagement team or specific assignment, or even resigning from the
client or employment position.

Examples of Threats to Compliance With AICPA Rules of ConductSituation: As part of an attest engagement, a member uses
consulting work previously done by his firm.Threat:Self-review and self-interest
threats to compliance with rules 102 and 201.

Situation: A member has charged his employer with violating
certain labor laws.Threat:Adverse interest threat to compliance with
Rule 102.

Situation: An employer pressures a member to be associated
with misleading information.Threat:Undue influence threat to compliiance with
rules 102 and 201.

Situation: A member is directed to complete a task within an
unrealistic time frame.Threat:Undue influence threat to compliance with
rules 102 and 201.

Situation: Revenue received from a single client is
significant to the firm.Threat: Self-interest threat to compliance with Rule 102.

EXECUTIVE SUMMARY

The AICPA recently issued a guide to help CPAs comply
with rules 102–505 of its Code of Professional Conduct,
affecting members in public practice, business, academia and government.

The guide, while not an authoritative standard, provides
an approach to help solve CPAs’ ethical dilemmas. The approach
involves identifying and evaluating ethical “threats” and, if a threat
is more than trivial, applying “safeguards” to eliminate or mitigate
the threat.

A “threat” is the risk that relationships or
circumstances could compromise a member’s compliance with rules of the
AIPCA Code of Professional Conduct.

“Safeguards” are actions or other measures that
eliminate threats or reduce them to acceptable levels.

Facing nontrivial threats and lacking effective
safeguards, members should usually decline or discontinue the services
creating the threats or consider resigning from the client or
employing organization.

Martin A. Leibowitz, CPA, Ph.D., is a faculty member of the
Sy Syms School of Business at Yeshiva University in New York City,
and Alan Reinstein, CPA, DBA, is the George R. Husband
Professor of Accounting at Wayne State University in Detroit. Their
e-mail addresses, respectively, are leibowit@yu.edu and aa1692@wayne.edu.

When professionals prepare written material for readers inside their organization or outside, they should make sure that no errors distract from the message they need to convey. Take this short quiz for practice in subject-verb agreement.